
Zerodium hikes bounties for Apple vulnerabilities to as high as $2M

Zerodium — a security firm that pays for exploits discovered by outside researchers — this week increased its bounties for Apple-related vulnerabilities across the board, offering as much as $2 million for the most sensitive ones.

The $2 million figure requires discovering a remote, "zero-click" iOS jailbreak "with persistence," Zerodium said. The company was previously offering $1.5 million, a sum now available to people who identify a "one-click" remote jailbreak.

Bounties have increased from $500,000 to $1 million for iMessage and SMS hacks, from $200,000 to $500,000 for "Safari + LPE (iOS) [vulnerabilities] including a sandbox escape," and from $100,000 to $200,000 for flaws allowing privilege escalation to kernel or root in iOS. The greatest proportional leap may be for Touch ID and passcode bypasses, which now pay out $100,000 instead of $15,000.

The biggest bounties are unlikely to be claimed. While remote jailbreaks were possible in the early years of the iPhone, Apple clamped down hard, nominally for security and stability but with the benefit of preventing people from bypassing the App Store. The company normally takes a 30 percent cut from App Store transactions, and has strict rules on what can appear there.

It can likewise be tough to find flaws in iMessage, though malicious links and characters are sometimes used to force Messages to crash.

Exploits collected by Zerodium are used to provide data and security recommendations to clients. The company courts a "limited number of eligible customers," since criminals and others might naturally want to discover easy hacking methods.

Apple has sometimes been accused of paying too little in the way of bounties, capping sums at $200,000. That encourages researchers to turn elsewhere, even though exploits can have a serious impact on iPhone, iPad, and Mac users.

6 Comments

ericthehalfbee 13 Years · 4489 comments

$100,000 for TouchID bypass?

So which of all those YouTube experts is going to be the first to collect? /s

fallenjt 13 Years · 4056 comments

If this bounty is for Android, this research company will go bankrupt in 1 day...😂

Notsofast 8 Years · 450 comments

The rapidly increasing bounties are a good sign, as it means the hacks/bypasses, etc., are being foiled and harder to find.

mac_dog 16 Years · 1084 comments

Does anyone know anything about this company? Is it possible our government (and others) could be paying them to offer this bounty? I wouldn't be surprised if they were.

DAalseth 6 Years · 3067 comments

I question calling them "a security firm". They are a bunch of Black Hat hackers and data brokers that deal in selling stolen exploits. "Security firm" makes them sound like the good guys.